Adversity can inspire creativity. It can also inspire insanity. Somewhere in between, we sing of the world electric. Data flows, laws are created and bypassed, privacy is threatened, Bad Guys drink their Red Bull, and the lowly information security professionals of the world stand a vigilant watch. Infosec workers huddle together against the storm, the small campfire of hope burning by our feet. On the coldest nights, stories are told, songs are sung, and coffee is consumed.

Thursday, May 17, 2012

SPC 2012 - No Fear

What information security professionals do and why they do it is not well understood by those outside our field. This leads to fear and confusion whenever we enter the conversation. But we are here to help, and our users should know that.

No Fear

I see you.Well, I see your packets.
Don't look offended.
It's my job.
Serve and protectthe servers.
Allow and refusethe users
Who knock on the doors,Salesmen selling brushesto a house of bald old men.
But we let them in
Academic freedom!
Science can't say no.

I keep your Internet flowing.
I don't see your browser's view
But I keep the view from pulling youdown.the vertigoyour computerbetrays youexposes youtakes your lifelays it out bare
For the monsterswho look to takewhat you areAnd propel itout of controlacross the world.

You worry that I mightsee you say "cantaloupe"
When a horde is pounding at your door
Paparazzi seeking a viewof your secret placesand secret faces.
I am not your enemy.
I do not representThe Man.
The Man fears me too.

I seek to find the truth.
I seek to hide the truths
From those who you want blind.

Help me help you.
Learn to trust,Let me earn that trust.

I can viewwithout judgement.

I can shieldwithout blocking.

I can securewithout bindings.

You can live

without fear.

For Beth and Holly, who thankfully didn't laugh at the haiku, even though it wasn't that good.

About Me

I write. I play games. I drink coffee. I do information security to pay the bills. Most of those bills are coffee and game-related.

Professionally, I've been in the information security field since 1999 with a focus on government and higher education. I have held a CISSP certification since 2000. Recently, my work has focused on compliance efforts, privacy topics, assessments, and consulting. I have presented on various topics at numerous conferences, sat on the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) Technical Advisory Group, and was a member of the Computer Security Incidents - Internet2 (CSI2) Working Group. I drink a lot of coffee and write on occasion. These are sometimes done together, which makes strange magic happen.

I hear the coffee dripping down,From steam to grinds to pot it sounds.No better gift in nature found.This music makes the heart resound.